Commit graph

6235 commits

Author SHA1 Message Date
Andrzej Kurek 6608096544 Change accepted ciphersuite versions when parsing server hello
Accept only ciphersuites for version chosen by the server
2018-04-25 05:28:08 -04:00
Mohammad Azim Khan 0acbd7df03 Same ciphersuite validation in server and client hello 2018-04-20 19:58:37 +01:00
Manuel Pégourié-Gonnard 8bce3685f5 Merge remote-tracking branch 'restricted/pr/468' into mbedtls-2.7-restricted-proposed
* restricted/pr/468:
  Improve comments style
  Remove a redundant test
  Add buffer size check before cert_type_len read
  Update change log
  Add a missing buffer size check
  Correct buffer size check
2018-04-18 12:21:36 +02:00
Manuel Pégourié-Gonnard 4a9236efce Merge remote-tracking branch 'public/pr/1234' into mbedtls-2.7-proposed
* public/pr/1234:
  Doxygen: don't traverse symbolic links
2018-04-18 12:04:51 +02:00
Krzysztof Stachowiak affb4f8e90 Improve comments style 2018-04-10 13:43:23 +02:00
Krzysztof Stachowiak 5ca4c5a15d Remove a redundant test 2018-04-10 13:43:17 +02:00
Krzysztof Stachowiak 314f16136f Add buffer size check before cert_type_len read 2018-04-10 13:43:10 +02:00
Krzysztof Stachowiak 7da5088289 Update change log 2018-04-04 13:47:40 +02:00
Krzysztof Stachowiak 071f9a3e47 Add a missing buffer size check 2018-04-04 13:44:04 +02:00
Krzysztof Stachowiak 3d8663b4f9 Correct buffer size check
Further in the code the next field from the binary buffer is read. The
check contained an off by one error.
2018-04-04 13:43:00 +02:00
Gilles Peskine be97c9cc85 Merge remote-tracking branch 'upstream-public/pr/1552' into mbedtls-2.7-proposed 2018-04-04 10:31:42 +02:00
Gilles Peskine 1852d66a24 Align ChangeLog entry for PR #1401 with development 2018-04-04 10:19:24 +02:00
Jaeden Amero 33be84f679 Merge remote-tracking branch 'upstream-public/pr/1502' into mbedtls-2.7-proposed 2018-04-03 19:16:12 +01:00
Jaeden Amero 15cdc5ec7b Merge remote-tracking branch 'upstream-public/pr/1458' into mbedtls-2.7-proposed 2018-04-03 18:28:46 +01:00
Jaeden Amero d8e0cec63b Merge remote-tracking branch 'upstream-public/pr/1464' into mbedtls-2.7-proposed 2018-04-03 18:27:54 +01:00
Azim Khan 03da121663 Enable SSL test scripts to dump logs on stdout 2018-04-03 17:58:35 +01:00
Jaeden Amero b5f53b1039 Merge remote-tracking branch 'upstream-public/pr/1401' into mbedtls-2.7-proposed 2018-04-03 12:09:45 +01:00
Jaeden Amero e7dc46240d Merge remote-tracking branch 'upstream-public/pr/1543' into mbedtls-2.7-proposed 2018-04-03 12:03:30 +01:00
Andrzej Kurek ffaee0952c pk_sign: added stdlib include 2018-04-03 04:36:52 -04:00
Andrzej Kurek 350e4dc6df pk_sign: adjust return values 2018-04-03 04:04:36 -04:00
mohammad1603 29ed80f79f Fix compatibility problem in the printed message
Replace %zu with %lu and add cast for the printed value.
2018-04-02 07:34:26 -07:00
Gilles Peskine 595c84a7b1 Merge remote-tracking branch 'upstream-public/pr/1500' into mbedtls-2.7-proposed 2018-04-01 12:41:29 +02:00
Gilles Peskine 27d88212c9 Merge remote-tracking branch 'upstream-public/pr/1541' into mbedtls-2.7-proposed 2018-04-01 12:40:51 +02:00
Gilles Peskine a0e03a81a7 Merge branch 'pr_1538' into mbedtls-2.7-proposed 2018-04-01 12:35:50 +02:00
Gilles Peskine ab50464f42 Minor changelog improvement 2018-04-01 12:32:37 +02:00
Gilles Peskine f3df741d8f Add ChangeLog entry to credit independent contribution
Also: fixes #1437
2018-03-31 23:05:14 +02:00
Gilles Peskine cc78ac46e7 Update error.c 2018-03-30 18:52:10 +02:00
Gilles Peskine 5114d3e4e1 Clarify the use of MBEDTLS_ERR_PK_SIG_LEN_MISMATCH
Clarify what MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH and
MBEDTLS_ERR_PK_SIG_LEN_MISMATCH mean. Add comments to highlight that
this indicates that a valid signature is present, unlike other error
codes. See
https://github.com/ARMmbed/mbedtls/pull/1149#discussion_r178130705
2018-03-30 18:43:16 +02:00
Darryl Green 28448b267f Improve documentation of mbedtls_ssl_write() 2018-03-29 16:51:16 +01:00
Andrzej Kurek a6f0957a42 Move changelog entry to bugfix from changes 2018-03-29 08:45:57 -04:00
Andrzej Kurek a24adde168 Add tests for "return plaintext data faster on unpadded decryption" 2018-03-29 08:43:30 -04:00
Andy Leiserson 38a29ee5d0 return plaintext data faster on unpadded decryption 2018-03-29 08:39:55 -04:00
Jaeden Amero 0c692cda8b Merge remote-tracking branch 'upstream-public/pr/758' into mbedtls-2.7-proposed 2018-03-29 11:02:52 +01:00
Jaeden Amero 38e37bdd56 Merge remote-tracking branch 'upstream-public/pr/1529' into mbedtls-2.7-proposed 2018-03-29 11:00:09 +01:00
Jaeden Amero 844dcb38c8 Merge remote-tracking branch 'upstream-public/pr/1134' into mbedtls-2.7-proposed
Fixes #504 and fixes #1057 for the 2.7 branch
2018-03-29 10:54:25 +01:00
mohammad1603 44a6a688c8 Check whether INT_MAX larger than SIZE_MAX scenario
Check whether INT_MAX larger than SIZE_MAX scenario
2018-03-28 23:45:33 -07:00
Jaeden Amero 5166a188eb Merge remote-tracking branch 'upstream-public/pr/1468' into mbedtls-2.7-proposed 2018-03-28 15:36:36 +01:00
Jaeden Amero 0d891042d1 Merge remote-tracking branch 'upstream-public/pr/1524' into mbedtls-2.7-proposed 2018-03-28 15:33:45 +01:00
Jaeden Amero ef59b732c2 Merge remote-tracking branch 'upstream-public/pr/1479' into mbedtls-2.7-proposed 2018-03-28 14:21:19 +01:00
Ivan Krylov 065ecf587f Changelog: use my real name (#758) 2018-03-28 16:19:18 +03:00
Jaeden Amero 1019a6b44d Merge remote-tracking branch 'upstream-public/pr/1526' into mbedtls-2.7-proposed
Fixes #1299, fixes #1475 for the 2.7 branch
2018-03-28 12:52:59 +01:00
Jethro Beekman 004e37117c Fix parsing of PKCS#8 encoded Elliptic Curve keys.
The relevant ASN.1 definitions for a PKCS#8 encoded Elliptic Curve key are:

PrivateKeyInfo ::= SEQUENCE {
  version                   Version,
  privateKeyAlgorithm       PrivateKeyAlgorithmIdentifier,
  privateKey                PrivateKey,
  attributes           [0]  IMPLICIT Attributes OPTIONAL
}

AlgorithmIdentifier  ::=  SEQUENCE  {
  algorithm   OBJECT IDENTIFIER,
  parameters  ANY DEFINED BY algorithm OPTIONAL
}

ECParameters ::= CHOICE {
  namedCurve         OBJECT IDENTIFIER
  -- implicitCurve   NULL
  -- specifiedCurve  SpecifiedECDomain
}

ECPrivateKey ::= SEQUENCE {
  version        INTEGER { ecPrivkeyVer1(1) } (ecPrivkeyVer1),
  privateKey     OCTET STRING,
  parameters [0] ECParameters {{ NamedCurve }} OPTIONAL,
  publicKey  [1] BIT STRING OPTIONAL
}

Because of the two optional fields, there are 4 possible variants that need to
be parsed: no optional fields, only parameters, only public key, and both
optional fields. Previously mbedTLS was unable to parse keys with "only
parameters". Also, only "only public key" was tested. There was a test for "no
optional fields", but it was labelled incorrectly as SEC.1 and not run because
of a great renaming mixup.
2018-03-28 11:29:21 +02:00
Gilles Peskine 1dc8e81f47 Add ChangeLog entry
Fixes #1299. Fixes #1475.
2018-03-27 23:18:52 +02:00
Deomid Ryabkov 980fa5839e Fix some test deps
* Cert revocation tests require `MBEDTLS_HAVE_TIME_DATE`.
 * Verison features tests require... well, `MBEDTLS_VERSION_FEATURES`, actually.

Fixes https://github.com/ARMmbed/mbedtls/issues/1475
2018-03-27 23:18:13 +02:00
Andres Amaya Garcia 3b4d5c2f7f Add ChangeLog entry for PBES2 when ASN1 disabled 2018-03-27 21:25:57 +01:00
Andres Amaya Garcia e9ff785db9 Fix test dependencies of pkcs5 pbs2 on asn1 parse 2018-03-27 21:25:55 +01:00
Andres Amaya Garcia 24e8283309 Fix coding style in pkcs5.c preprocessor directives 2018-03-27 21:25:53 +01:00
Marcos Del Sol Vives a1bc0e25b7 Compile PBES2 in PKCS5 only if ASN1 is enabled 2018-03-27 21:25:52 +01:00
Andres Amaya Garcia 28d97e1dfc Fix shared library lookup on Mac OS X when running tests 2018-03-27 20:04:20 +01:00
Andres Amaya Garcia 504ac5c884 Make DLEXT var configurable in programs and tests makefiles 2018-03-27 20:04:18 +01:00